package org.JDBC;

// 添加必要的导入语句
import org.junit.Test;
import java.sql.*;

public class LoginTest {

    private String driverClass = "com.mysql.cj.jdbc.Driver";
    private String url = "jdbc:mysql://127.0.0.1:3306/briup";
    private String user = "root";
    private String password = "1234";
    
    @Test
    public void test_login() {
        Connection conn = null;
        PreparedStatement stmt = null; // 使用PreparedStatement防止SQL注入
        ResultSet rs = null;
        try {
            //提前准备好用户名和密码（实际开发中需要在前端页面上录入）
            String username = "admin";
            String passwd = "admin";
            //1.加载注册驱动
            Class.forName(driverClass);
            //2.获取连接对象
            conn = DriverManager.getConnection(url,user,password);
            //3.获取PreparedStatement对象
            String sql = "select count(*) from t_user where name = ? and password = ?";
            stmt = conn.prepareStatement(sql);
            stmt.setString(1, username);
            stmt.setString(2, passwd);
            //4.执行SQL语句
            rs = stmt.executeQuery();
            //5.处理结果集
            while(rs.next()) {
                int count = rs.getInt(1);
                System.out.println("count: " + count);
                if(count == 0)
                    System.out.println("登录失败！");
                else
                    System.out.println("登录成功！");
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            //6.释放资源
            if(rs != null) {
                try {
                    rs.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if(stmt != null) {
                try {
                    stmt.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if(conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }


    //SQL注入模拟
    @Test
    public void test_sqlInjection() {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
//SQL注入1
            String username = "admin";
            String passwd = "' or '1'='1";
//SQL注入2
// String username = "' OR '1'='1'; -- ";
// String passwd = "随意";
//1.加载注册驱动
            Class.forName(driverClass);
//2.获取连接对象
            conn = DriverManager.getConnection(url,user,password);
//3.获取Statement对象
            stmt = conn.createStatement();
//4.执行SQL语句
            String sql = "select count(*) from t_user where name = '"+username+"' and password = '"+passwd + "'";
            System.out.println("sql: " + sql);rs = stmt.executeQuery(sql);
//5.处理结果集
            while(rs.next()) {
                int count = rs.getInt(1);
                System.out.println("count: " + count);
                if(count == 0)
                    System.out.println("登录失败！");
                else
                    System.out.println("登录成功！");
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
//6.释放资源
            if(rs != null) {
                try {
                    rs.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if(stmt != null) {
                try {
                    stmt.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if(conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}